通信人家园

标题: 如何使用scapy或者别的工具解析过UDP-encapsulated ESP messages  [查看完整版帖子] [打印本页]
时间:  2022-7-12 18:04
作者: land_litao     标题: 如何使用scapy或者别的工具解析过UDP-encapsulated ESP messages

有同学使用scapy或者别的工具解析过UDP-encapsulated ESP messages没,就像下图这个wireshark消息,写了个测试程序,解析出来和wireshark里的不一样。
  1. import scapy
  2. from scapy.all import *
  3. from scapy.utils import PcapReader
  4. from Crypto.Cipher import AES

  6. packets=rdpcap(r"tcpdump_NTLog_V2_2022_0314_190713_start_1.cap")

  8. sa = SecurityAssociation(ESP,
  9.                          spi=0x8610c449)

  11. # C:\Users\[username]\AppData\Roaming\Wireshark\esp_sa
  12. # "IPv4","192.168.2.72","207.219.233.33","0x8610c449","AES-CBC [RFC3602]","0x0bca0574cba28f949390a552cfbd8605","HMAC-SHA-1-96 [RFC2404]","0x6f8f7a3044fdc68dfa50c70c91bcb306fa6e1952"
  13. res = CRYPT_ALGOS['AES-CBC'].decrypt(sa, packets[239][ESP], b'0bca0574cba28f949390a552cfbd8605', icv_size=12)
  14. print(f'res.iv lenght is {len(res.iv)}')
  15. for i in res.data:
  16.     print(hex(i))
  17.     break

  19. res.show()
复制代码






通信人家园 (https://www.txrjy.com/) Powered by C114